Klaus Knopper answers your Linux questions

Ask Klaus

Knoppix on a Hard Drive

Hi. Thanks for answering questions. I am not a proficient user of software. I've just come across your Knoppix and would like to know if it is at all possible to install it to my local hard drive.

I've tried USB and it works just fine. In fact, I am writing this mail from a minicomputer with only restricted and minimal resources. No problem. But, onto a HD – how about that?

I thank you in advance.

Trygve

Answer

Remarkably, this is still a "frequently asked question," although the Knoppix hard disk installer has existed for quite a while now. This is probably because I tend to say that Knoppix runs best from USB flash disk or DVD, rather than installed as a regular hard disk system – hard disk installation is not as popular, yet possible.

For Knoppix versions 6.x and newer, the hard disk installer, called 0wn ("zero work needed"), tries to make installation very easy by guiding you through hard disk preparation and just allowing you to install the filesystem "as is," without any choice or selection of software packages.

Like most of the Knoppix-specific tools, the hard disk installer can be found inside the Knoppix submenu (Figure 1).

Figure 1: Knoppix hard disk installer menu item.

If you plan to use the installer, you should read the short help inside, which explains how to partition the hard disk correctly, and which options are available (Figure 2).

Figure 2: Knoppix HD installer "0wn" help text.

Because the compressed Knoppix filesystem from DVD will be uncompressed to hard disk, you will need about 15GB of free space. The most uncomplicated way would be choosing the entire disk for Knoppix, although dual booting with another operating system as an option is also known to work.

After hard disk installation, you can update packages almost as in a normal Debian hard disk installation. However, please be aware: Although it is quite easy to upgrade individual packages, running a dist-upgrade of all installed packages will most likely fail because of dependency problems.

Knoppix takes some packages from the Debian/unstable branch to provide the most current graphics drivers and desktop software, whereas other system software is regularly chosen from the Debian/stable branch. Therefore, I would recommend just upgrading individual programs and libraries as needed, rather than running a regular complete upgrade.

Knoppix Filesystem

Klaus: I have enjoyed Knoppix for many years, but in the last year I have standardized on the ext4 filesystem. The installation insists on Reiser.

How can I get around this? Will new versions let you choose?

Ian

Answer

I chose ReiserFS because it automatically repairs filesystem inconsistencies during mount, in case the system has not been shot down cleanly before reboot. No filesystem check is necessary. Ext4 uses a similar algorithm for the filesystem check; however, in some cases it still takes a long time and sometimes requires manual interaction. I want to keep the startup process as simple as possible, and using a filesystem that is easy to handle by beginners is an essential part of that.

Also, installing a kernel on ext4 requires a bootloader with full ext4 support, which is more complex than bootloaders accessing ReiserFS. For just working, surfing, and playing with GNU/Linux, ext4 has no essential improvement or advantage to offer for the user compared with ReiserFS, so I tend to stay with the latter.

However, if you want to change filesystems to ext4 for some reason, the Knoppix kernel configuration already has ext4 compiled in, and you could copy over the filesystem content from the installed ReiserFS to an ext4 partition, then adapt the bootloader to ext4 manually.

SSL Heartbleed Bug – Knoppix Affected?

Many readers have noticed the bad news about the common OpenSSL security error, which allows attackers to remote read parts of a computer's memory, including passwords and private keys, through the "heartbleed" bug [1]. Is Knoppix also affected, and if yes, what can I do now, except wait for the next release?

Every GNU/Linux distribution using libssl version 1.0.1 – up to and including 1.0.1f – is affected, but it does not mean that you have to stop using Knoppix or change all of your local passwords immediately, because exploiting the heartbleed bug is a server-side, not a client-side, attack. Moreover, data on your own computers is safe from being exposed, unless you are running a server open to the Internet by yourself.

Knoppix does not start any Internet-accessible services by default, SSL-aware or not, so using any version of Knoppix for online shopping or Internet banking is fine. However, if you run the Apache 2 web server with HTTPS support, OpenSSH, Samba, or other SSL-aware servers, you should definitely upgrade OpenSSL and change all access tokens.

Libssl 1.0.1g fixes the heartbleed bug. It is sufficient to upgrade the libssl1.0.0 Debian package with

sudo apt-get update
sudo apt-get install libssl1.0.0

and then restart the init scripts that control eventually running servers (e.g., /etc/init.d/ssh restart). If you are using plain Debian/testing or unstable, it may be necessary to append the corresponding option -t testing or -t unstable to the install command.

Note that wpa_supplicant, which manages the SSL part of WPA/WPA2 connections, was using libtls on Knoppix instead of OpenSSL and is not affected.

So, Knoppix got away quite lucky with this bug. However, because many of the servers you use daily on the Internet are likely affected by the bug, it is still advisable to change passwords, client certificates, or other access tokens for them, because vulnerable servers did expose session data, even if the connection was encrypted and even if your client is absolutely secure.

Klaus Knopper is the creator of Knoppix and co-founder of LinuxTag expo. He currently works as a teacher, programmer, and consultant. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: klaus@linux-magazine.com

Klaus Knopper is the creator of Knoppix and co-founder of LinuxTag expo. He currently works as a teacher, programmer, and consultant. If you have a configuration problem, or if you just want to learn more about how Linux works, send your questions to: klaus@linux-magazine.com